Merge branch 'master' of https://github.com/wso2/carbon-device-mgt into theme-migration

components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/META-INF/permissions.xml

@@ -32,7 +32,7 @@
     <!-- Device related APIs -->
     <Permission>
         <name>get certificate in the database</name>
-        <path>/device-mgt/admin/certificate/GetSignCSR</path>
+        <path>/device-mgt/certificate/GetSignCSR</path>
         <url>/certificates/scep/signcsr</url>
         <method>POST</method>
         <scope>emm_admin</scope>

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ActivityInfoProviderService.java

@@ -93,7 +93,7 @@ public interface ActivityInfoProviderService {
                     message = "Internal Server Error. \n Server error occurred while fetching activity data.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "View Activities", permission = "/device-mgt/activities/view")
+    @Permission(name = "View Activities", permission = "/device-mgt/devices/owning/view")
     Response getActivity(
             @ApiParam(
                     name = "id",
@@ -154,7 +154,7 @@ public interface ActivityInfoProviderService {
                     message = "Internal Server Error. \n Server error occurred while fetching activity data.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "View Activities", permission = "/device-mgt/activities/view")
+    @Permission(name = "View Activities", permission = "/device-mgt/devices/owning/view")
     Response getActivities(
             @ApiParam(
                     name = "since",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/ConfigurationManagementService.java

@@ -82,7 +82,7 @@ public interface ConfigurationManagementService {
                             "platform configuration.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "View Configurations", permission = "/device-mgt/configuration/view")
+    @Permission(name = "View Configurations", permission = "/device-mgt/configurations/view")
     Response getConfiguration(
             @ApiParam(
                     name = "If-Modified-Since",
@@ -128,7 +128,7 @@ public interface ConfigurationManagementService {
                             "Server error occurred while modifying general platform configuration.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "Manage configurations", permission = "/device-mgt/configuration/manage")
+    @Permission(name = "Manage configurations", permission = "/device-mgt/configurations/manage")
     Response updateConfiguration(
             @ApiParam(
                     name = "configuration",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java

@@ -93,7 +93,7 @@ public interface DeviceManagementService {
                     message = "Internal Server Error. \n Server error occurred while fetching the device list.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getDevices(
             @ApiParam(
                     name = "name",
@@ -200,7 +200,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving information requested device.",
                             response = ErrorResponse.class)
             })
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getDevice(
             @ApiParam(
                     name = "type",
@@ -282,7 +282,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving feature list of the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getFeaturesOfDevice(
             @ApiParam(
                     name = "type",
@@ -358,7 +358,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while enrolling the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response searchDevices(
             @ApiParam(
                     name = "offset",
@@ -437,7 +437,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving installed application list of the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getInstalledApplications(
             @ApiParam(
                     name = "type",
@@ -533,7 +533,7 @@ public interface DeviceManagementService {
                                     "Server error occurred while retrieving operation list scheduled for the device.",
                             response = ErrorResponse.class)
             })
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getDeviceOperations(
             @ApiParam(
                     name = "type",
@@ -631,7 +631,7 @@ public interface DeviceManagementService {
                             response = ErrorResponse.class)
             }
     )
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getEffectivePolicyOfDevice(
             @ApiParam(
                     name = "type",
@@ -683,7 +683,7 @@ public interface DeviceManagementService {
                             response = ErrorResponse.class)
             }
     )
-    @Permission(name = "View Devices", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getComplianceDataOfDevice(
             @ApiParam(
                     name = "type",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceTypeManagementService.java

@@ -79,7 +79,7 @@ public interface DeviceTypeManagementService {
                             response = ErrorResponse.class)
             }
     )
-    @Permission(name = "View Device Types", permission = "/device-mgt/devices/view")
+    @Permission(name = "View Device Types", permission = "/device-mgt/devices/owning/view")
     Response getDeviceTypes(
             @ApiParam(
                     name = "If-Modified-Since",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/GroupManagementService.java

@@ -82,7 +82,7 @@ public interface GroupManagementService {
 //
 //    @GET
 //    @Path("/{groupName}/devices")
-//    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/admin/groups/roles"})
+//    @Permission(scope = "group-view", permissions = {"/permission/admin/device-mgt/groups/roles"})
 //    Response getDevicesOfGroup(@PathParam("groupName") String groupName, @QueryParam("offset") int offset,
 //                        @QueryParam("limit") int limit);
 //

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceManagementAdminService.java

@@ -86,7 +86,7 @@ public interface DeviceManagementAdminService {
                     message = "Internal Server Error. \n Server error occurred while fetching the device list.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "View Devices", permission = "/device-mgt/admin/devices/view")
+    @Permission(name = "View Devices", permission = "/device-mgt/devices/owning/view")
     Response getDevicesByName(
             @ApiParam(
                     name = "name",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/UserManagementAdminService.java

@@ -69,7 +69,7 @@ public interface UserManagementAdminService {
                             "Server error occurred while updating credentials of the user.",
                     response = ErrorResponse.class)
     })
-    @Permission(name = "View Users", permission = "/device-mgt/admin/users/view")
+    @Permission(name = "View Users", permission = "/device-mgt/users/manage")
     Response resetUserPassword(
             @ApiParam(
                     name = "username",

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java

@@ -327,7 +327,9 @@ public class UserManagementServiceImpl implements UserManagementService {
         try {
             UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
             int userCount = userStoreManager.listUsers("*", -1).length;
-            return Response.status(Response.Status.OK).entity(userCount).build();
+            BasicUserInfoList result = new BasicUserInfoList();
+            result.setCount(userCount);
+            return Response.status(Response.Status.OK).entity(result).build();
         } catch (UserStoreException e) {
             String msg = "Error occurred while retrieving the user count.";
             log.error(msg, e);

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/META-INF/permissions.xml

@@ -45,334 +45,334 @@
     </Permission>
     <Permission>
         <name>Devices</name>
-        <path>/device-mgt/admin/devices</path>
+        <path>/device-mgt/devices</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Device related APIs -->
     <Permission>
         <name>List devices</name>
-        <path>/device-mgt/admin/devices/List</path>
+        <path>/device-mgt/devices/List</path>
         <url>/devices</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Search devices</name>
-        <path>/device-mgt/admin/devices/Search</path>
+        <path>/device-mgt/devices/Search</path>
         <url>/devices/search-devices</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>View device</name>
-        <path>/device-mgt/admin/devices/View</path>
+        <path>/device-mgt/devices/View</path>
         <url>/devices/*/*</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View device info</name>
-        <path>/device-mgt/admin/devices/View</path>
+        <path>/device-mgt/devices/View</path>
         <url>/devices/*/*/info</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View device applications</name>
-        <path>/device-mgt/admin/devices/View-Applications</path>
+        <path>/device-mgt/devices/View-Applications</path>
         <url>/devices/*/*/applications</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View device effective-policy</name>
-        <path>/device-mgt/admin/devices/View-Active-Policy</path>
+        <path>/device-mgt/devices/View-Active-Policy</path>
         <url>/devices/*/*/effective-policy</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View devices feature</name>
-        <path>/device-mgt/admin/devices/View-Features</path>
+        <path>/device-mgt/devices/View-Features</path>
         <url>/devices/*/*/features</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View device operations</name>
-        <path>/device-mgt/admin/devices/View-Operations</path>
+        <path>/device-mgt/devices/View-Operations</path>
         <url>/devices/*/*/operations</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View Compliance Data</name>
-        <path>/device-mgt/admin/devices/View-Compliance-Data</path>
+        <path>/device-mgt/devices/View-Compliance-Data</path>
         <url>/devices/*/*/compliance-data</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>List all devices</name>
-        <path>/device-mgt/admin/devices/Admin-View</path>
+        <path>/device-mgt/devices/Admin-View</path>
         <url>/admin/devices</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View device types</name>
-        <path>/device-mgt/admin/devices/Admin-DeviceType-View</path>
+        <path>/device-mgt/devices/Admin-DeviceType-View</path>
         <url>/admin/device-types</url>
         <method>GET</method>
     </Permission>
     <!-- End of Device related APIs -->
     <Permission>
         <name>Policies</name>
-        <path>/device-mgt/admin/policies</path>
+        <path>/device-mgt/policies</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Policy related APIs -->
     <Permission>
         <name>List policies</name>
-        <path>/device-mgt/admin/policies/List</path>
+        <path>/device-mgt/policies/List</path>
         <url>/policies</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Add Policy</name>
-        <path>/device-mgt/admin/policies/Add</path>
+        <path>/device-mgt/policies/Add</path>
         <url>/policies</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>Activate policy</name>
-        <path>/device-mgt/admin/policies/Activate-Policy</path>
+        <path>/device-mgt/policies/Activate-Policy</path>
         <url>/policies/activate-policy</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>Deactivate Policy</name>
-        <path>/device-mgt/admin/policies/Deactivate-Policy</path>
+        <path>/device-mgt/policies/Deactivate-Policy</path>
         <url>/policies/deactivate-policy</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>Remove Policy</name>
-        <path>/device-mgt/admin/policies/Remove</path>
+        <path>/device-mgt/policies/Remove</path>
         <url>/policies/remove-policy</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>View Policy</name>
-        <path>/device-mgt/admin/policies/View</path>
+        <path>/device-mgt/policies/View</path>
         <url>/policies/*</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Update Policy</name>
-        <path>/device-mgt/admin/policies/Update</path>
+        <path>/device-mgt/policies/Update</path>
         <url>/policies/*</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>Update Policy</name>
-        <path>/device-mgt/admin/policies/Update</path>
+        <path>/device-mgt/policies/Update</path>
         <url>/policies/apply-changes</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>Update Policy</name>
-        <path>/device-mgt/admin/policies/Change-Priority</path>
+        <path>/device-mgt/policies/Change-Priority</path>
         <url>/policies/priorities</url>
         <method>PUT</method>
     </Permission>
     <!-- End of Policy related APIs -->
     <Permission>
         <name>Notifications</name>
-        <path>/device-mgt/admin/notifications</path>
+        <path>/device-mgt/notifications</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Notification related APIs -->
     <Permission>
         <name>View notifications</name>
-        <path>/device-mgt/admin/notifications/View</path>
+        <path>/device-mgt/notifications/View</path>
         <url>/notifications</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Mark checked notifications</name>
-        <path>/device-mgt/admin/notifications/View</path>
+        <path>/device-mgt/notifications/View</path>
         <url>/notifications/*/mark-checked</url>
         <method>PUT</method>
     </Permission>
     <!-- End of Notification related APIs -->
     <Permission>
         <name>Users</name>
-        <path>/device-mgt/admin/users</path>
+        <path>/device-mgt/users</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- User related APIs -->
     <Permission>
         <name>List users</name>
-        <path>/device-mgt/admin/users/List</path>
+        <path>/device-mgt/users/List</path>
         <url>/users</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Add user</name>
-        <path>/device-mgt/admin/users/Add</path>
+        <path>/device-mgt/users/Add</path>
         <url>/users</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>List users</name>
-        <path>/device-mgt/admin/users/Search</path>
+        <path>/device-mgt/users/Search</path>
         <url>/users/search/usernames</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Remove user</name>
-        <path>/device-mgt/admin/users/Remove</path>
+        <path>/device-mgt/users/Remove</path>
         <url>/users/*</url>
         <method>DELETE</method>
     </Permission>
     <Permission>
         <name>View user</name>
-        <path>/device-mgt/admin/users/View</path>
+        <path>/device-mgt/users/View</path>
         <url>/users/*</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Update user</name>
-        <path>/device-mgt/admin/users/Update</path>
+        <path>/device-mgt/users/Update</path>
         <url>/users/*</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>Update user credentials</name>
-        <path>/device-mgt/admin/users/Change-Password</path>
+        <path>/device-mgt/users/Change-Password</path>
         <url>/users/*/credentials</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>View assigned role</name>
-        <path>/device-mgt/admin/roles/Assigned-Roles</path>
+        <path>/device-mgt/roles/Assigned-Roles</path>
         <url>/users/*/roles</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Change any user credentials</name>
-        <path>/device-mgt/admin/users/Change-Password-Any</path>
+        <path>/device-mgt/users/Change-Password-Any</path>
         <url>/admin/users/*/credentials</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>Send invitation mail</name>
-        <path>/device-mgt/admin/users/Send-invitations</path>
+        <path>/device-mgt/users/Send-invitations</path>
         <url>/users/send-invitation</url>
         <method>POST</method>
     </Permission>
     <!-- End of User related APIs -->
     <Permission>
         <name>Roles</name>
-        <path>/device-mgt/admin/roles</path>
+        <path>/device-mgt/roles</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Role related APIs -->
     <Permission>
         <name>List roles</name>
-        <path>/device-mgt/admin/roles/List</path>
+        <path>/device-mgt/roles/List</path>
         <url>/roles</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Add role</name>
-        <path>/device-mgt/admin/roles/Add</path>
+        <path>/device-mgt/roles/Add</path>
         <url>/roles</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>Remove role</name>
-        <path>/device-mgt/admin/roles/Remove</path>
+        <path>/device-mgt/roles/Remove</path>
         <url>/roles/*</url>
         <method>DELETE</method>
     </Permission>
     <Permission>
         <name>View role</name>
-        <path>/device-mgt/admin/roles/View</path>
+        <path>/device-mgt/roles/View</path>
         <url>/roles/*</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Update role</name>
-        <path>/device-mgt/admin/roles/Update</path>
+        <path>/device-mgt/roles/Update</path>
         <url>/roles/*</url>
         <method>PUT</method>
     </Permission>
     <Permission>
         <name>View role permissions</name>
-        <path>/device-mgt/admin/roles/View-Permission</path>
+        <path>/device-mgt/roles/View-Permission</path>
         <url>/roles/*/permissions</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Add Users to role</name>
-        <path>/device-mgt/admin/roles/Add-Users</path>
+        <path>/device-mgt/roles/Add-Users</path>
         <url>/roles/*/users</url>
         <method>PUT</method>
     </Permission>
     <!-- End of Role related APIs -->
     <Permission>
         <name>Configurations</name>
-        <path>/device-mgt/admin/general-configs</path>
+        <path>/device-mgt/general-configs</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Configuration related APIs -->
     <Permission>
         <name>View configuration</name>
-        <path>/device-mgt/admin/general-configuration/View</path>
+        <path>/device-mgt/general-configuration/View</path>
         <url>/configuration</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>Update configuration</name>
-        <path>/device-mgt/admin/general-configuration/Update</path>
+        <path>/device-mgt/general-configuration/Update</path>
         <url>/configuration</url>
         <method>PUT</method>
     </Permission>
     <!-- End of Configuration related APIs -->
     <Permission>
         <name>Activities</name>
-        <path>/device-mgt/admin/activities</path>
+        <path>/device-mgt/activities</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Activity related APIs -->
     <Permission>
         <name>View Activities</name>
-        <path>/device-mgt/admin/activities/View</path>
+        <path>/device-mgt/devices/owning/view</path>
         <url>/activities</url>
         <method>GET</method>
     </Permission>
     <Permission>
         <name>View Activity Details</name>
-        <path>/device-mgt/admin/activities/View</path>
+        <path>/device-mgt/devices/owning/view</path>
         <url>/activities/*</url>
         <method>GET</method>
     </Permission>
     <!-- End of Activity related APIs -->
     <Permission>
         <name>Applications</name>
-        <path>/device-mgt/admin/applications</path>
+        <path>/device-mgt/applications</path>
         <url>/</url>
         <method>GET</method>
     </Permission>
     <!-- Application related APIs -->
     <Permission>
         <name>Install Applications</name>
-        <path>/device-mgt/admin/application/Install</path>
+        <path>/device-mgt/application/Install</path>
         <url>/admin/applications/install-application</url>
         <method>POST</method>
     </Permission>
     <Permission>
         <name>Uninstall-Applications</name>
-        <path>/device-mgt/admin/application/Uninstall</path>
+        <path>/device-mgt/application/Uninstall</path>
         <url>/admin/applications/uninstall-application</url>
         <method>POST</method>
     </Permission>

components/device-mgt/org.wso2.carbon.device.mgt.common/src/main/java/org/wso2/carbon/device/mgt/common/group/mgt/DeviceGroupConstants.java

@@ -67,7 +67,7 @@ public class DeviceGroupConstants {
 
     public static class Permissions {
         public static final String[] DEFAULT_ADMIN_PERMISSIONS =
-                {"/permission/device-mgt/admin/groups", "/permission/device-mgt/user/groups"};
+                {"/permission/device-mgt/groups", "/permission/device-mgt/user/groups"};
         public static final String[] DEFAULT_OPERATOR_PERMISSIONS =
                 {"/permission/device-mgt/user/groups/device_operation"};
         public static final String[] DEFAULT_STATS_MONITOR_PERMISSIONS =

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/authorization/DeviceAccessAuthorizationServiceImpl.java

@@ -47,7 +47,7 @@ import java.util.Map;
  */
 public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthorizationService {
 
-    private final static String CDM_ADMIN_PERMISSION = "/device-mgt/admin";
+    private final static String CDM_ADMIN_PERMISSION = "/device-mgt/devices/any/permitted-actions-upon-owning-device";
     private final static String CDM_ADMIN = "Device Management Administrator";
     private static Log log = LogFactory.getLog(DeviceAccessAuthorizationServiceImpl.class);
 
@@ -246,7 +246,7 @@ public class DeviceAccessAuthorizationServiceImpl implements DeviceAccessAuthori
     private boolean addAdminPermissionToRegistry() throws PermissionManagementException {
         Permission permission = new Permission();
         permission.setName(CDM_ADMIN);
-        permission.setPath(CDM_ADMIN_PERMISSION);
+        permission.setPath(PermissionUtils.getAbsolutePermissionPath(CDM_ADMIN_PERMISSION));
         return PermissionUtils.putPermission(permission);
     }
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/device-api.jag

@@ -152,7 +152,7 @@ if (!user) {
                     result =  responsePayload.responseText;
                 });
     } else if (uriMatcher.match("/{context}/api/devices/")) {
-        if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
+        if (userModule.isAuthorized("/permission/admin/device-mgt/devices/list")) {
             result = deviceModule.listDevices();
         } else {
             response.sendError(403);
@@ -161,7 +161,7 @@ if (!user) {
         elements = uriMatcher.elements();
         deviceId = elements.deviceId;
         type = elements.type;
-        if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
+        if (userModule.isAuthorized("/permission/admin/device-mgt/devices/list")) {
             result = deviceModule.viewDevice(type, deviceId);
         }else {
             response.sendError(403);
@@ -171,7 +171,7 @@ if (!user) {
         deviceId = elements.deviceId;
         type = elements.type;
         operation = elements.operation;
-        if (userModule.isAuthorized("/permission/admin/device-mgt/admin/devices/operation")) {
+        if (userModule.isAuthorized("/permission/admin/device-mgt/devices/operation")) {
             result = deviceModule.performOperation(deviceId, operation, [], type);
         } else {
             response.sendError(403);

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag

@@ -98,7 +98,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
     /*
      @Deprecated
      */
-    if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/invite")) {
+    if (userModule.isAuthorized("/permission/admin/device-mgt/user/invite")) {
         elements = uriMatcher.elements();
         username = elements.username;
         userModule.inviteUser(username);
@@ -109,7 +109,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
     /*
      @Deprecated
      */
-    if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/add")) {
+    if (userModule.isAuthorized("/permission/admin/device-mgt/user/add")) {
         addUserFormData = request.getContent();
         username = addUserFormData.username;
         firstname = addUserFormData.firstname;
@@ -160,7 +160,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
     /*
      @Deprecated
      */
-    if (userModule.isAuthorized("/permission/admin/device-mgt/admin/user/remove")) {
+    if (userModule.isAuthorized("/permission/admin/device-mgt/user/remove")) {
         elements = uriMatcher.elements();
         username = elements.username;
         try {

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/business-controllers/user.js

@@ -396,25 +396,25 @@ var userModule = function () {
 
     publicMethods.getUIPermissions = function () {
         var permissions = {};
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/devices/list")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/devices/list")) {
             permissions["LIST_DEVICES"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/devices/list")) {
             permissions["LIST_OWN_DEVICES"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/groups/list")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/groups/list")) {
             permissions["LIST_ALL_GROUPS"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/list")) {
             permissions["LIST_GROUPS"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/list")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/list")) {
             permissions["LIST_USERS"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/list")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/roles/list")) {
             permissions["LIST_ROLES"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/list")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/list")) {
             permissions["LIST_ALL_POLICIES"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/list")) {
@@ -426,28 +426,28 @@ var userModule = function () {
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/groups/add")) {
             permissions["ADD_GROUP"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/add")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/add")) {
             permissions["ADD_USER"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/users/remove")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/users/remove")) {
             permissions["REMOVE_USER"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/roles/add")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/roles/add")) {
             permissions["ADD_ROLE"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/add")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/add")) {
             permissions["ADD_ADMIN_POLICY"] = true;
         }
         if (publicMethods.isAuthorized("/permission/admin/device-mgt/user/policies/add")) {
             permissions["ADD_POLICY"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/policies/priority")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/policies/priority")) {
             permissions["CHANGE_POLICY_PRIORITY"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/dashboard/view")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/dashboard/view")) {
             permissions["VIEW_DASHBOARD"] = true;
         }
-        if (publicMethods.isAuthorized("/permission/admin/device-mgt/admin/platform-configs/view")) {
+        if (publicMethods.isAuthorized("/permission/admin/device-mgt/platform-configs/view")) {
             permissions["TENANT_CONFIGURATION"] = true;
         }
 

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-protected-service-invokers.js

@@ -45,9 +45,9 @@ var invokers = function () {
      * If the token pair is not set in the session, this will return null.
      */
     privateMethods.getAccessToken = function () {
-        var tokenPair = parse(session.get(constants["TOKEN_PAIR"]));
+        var tokenPair = session.get(constants["TOKEN_PAIR"]);
         if (tokenPair) {
-            return tokenPair["accessToken"];
+            return parse(tokenPair)["accessToken"];
         } else {
             return null;
         }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.hbs

@@ -23,18 +23,20 @@
             <i class="icon fw fw-home"></i>
         </a>
     </li>
+    <li>
+        <a href="{{@app.context}}/certificates">
+            Certificates
+        </a>
+    </li>
     <li>
         <a href="{{@app.context}}/certificates/add">
-            <span class="fw-stack">
+            Add
-               <i class="fw fw-ring fw-stack-2x"></i>
-               <i class="fw fw-document fw-stack-1x"></i>
-            </span>
-            Add Certificate
         </a>
     </li>
 {{/zone}}
 
 {{#zone "content"}}
+    {{#if isAuthorized}}
         <!-- content/body -->
         <div class="row">
             <div class="col-md-12">
@@ -94,6 +96,14 @@
             </div>
         </div>
         <!-- /content/body -->
+    {{else}}
+        <h1 class="page-sub-title">
+            Permission Denied
+        </h1>
+        <br>
+        You not authorized to enter Certificate Management Section.
+        <br>
+    {{/if}}
 {{/zone}}
 
 {{#zone "bottomJs"}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificate.create/create.js

@@ -26,7 +26,8 @@ function onRequest(context) {
     // var log = new Log("units/user-create/create.js");
     var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
     var mdmProps = require("/app/modules/conf-reader/main.js")["conf"];
-
+    var viewModel = {};
+    viewModel.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/certificates/manage");
     var response = userModule.getRolesByUserStore();
     if (response["status"] == "success") {
         viewModel["roles"] = response["content"];

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.certificates/certificates.hbs

@@ -23,6 +23,15 @@
             <i class="icon fw fw-home"></i>
         </a>
     </li>
+    <li>
+        <a href="{{@app.context}}/certificates">
+           Certificate
+        </a>
+    </li>
+{{/zone}}
+
+{{#zone "navbarActions"}}
+    {{#if removePermitted}}
         <li>
             <a href="{{@app.context}}/certificates/add">
             <span class="fw-stack">
@@ -32,6 +41,7 @@
                 Add Certificate
             </a>
         </li>
+    {{/if}}
 {{/zone}}
 
 {{#zone "content"}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.hbs

@@ -38,6 +38,7 @@
 {{/zone}}
 
 {{#zone "content"}}
+    {{#if canManage}}
     <!-- content/body -->
     <div class="row">
         <div class="col-md-12">
@@ -96,6 +97,7 @@
                                     Role name is required, should be in minimum 3 characters long and not include any whitespaces.
                                 </label>
                             </div>
+                            {{#if canViewUsers}}
                             <label class="wr-input-label">
                                 User list
                             </label>
@@ -104,6 +106,7 @@
                                 <!--suppress HtmlFormInputWithoutLabel -->
                                 <select id="users" class="form-control select2" multiple="multiple"></select>
                             </div>
+                            {{/if}}
                         </div>
                     </div>
                     <br>
@@ -134,6 +137,14 @@
         </div>
     </div>
     <!-- /content/body -->
+    {{else}}
+        <h1 class="page-sub-title">
+            Permission Denied
+        </h1>
+        <br>
+        You not authorized to enter Role Management Section.
+        <br>
+    {{/if}}
 {{/zone}}
 {{#zone "bottomJs"}}
     {{js "js/bottomJs.js"}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.role.create/create.js

@@ -20,16 +20,24 @@
  * Returns the dynamic state to be populated by add-user page.
  * 
  * @param context Object that gets updated with the dynamic state of this page to be presented
- * @returns {*} A context object that returns the dynamic state of this page to be presented
+ * @returns {*} A displayData object that returns the dynamic state of this page to be presented
  */
 function onRequest(context) {
     var userModule = require("/app/modules/business-controllers/user.js")["userModule"];
     var deviceMgtProps = require("/app/modules/conf-reader/main.js")["conf"];
+    var displayData = {};
 
-    context["userStores"] = userModule.getSecondaryUserStores();
+    displayData["userStores"] = userModule.getSecondaryUserStores();
-    context["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"];
+    displayData["roleNameJSRegEx"] = deviceMgtProps["roleValidationConfig"]["roleNameJSRegEx"];
-    context["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"];
+    displayData["roleNameHelpText"] = deviceMgtProps["roleValidationConfig"]["roleNameHelpMsg"];
-    context["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"];
+    displayData["roleNameRegExViolationErrorMsg"] = deviceMgtProps["roleValidationConfig"]["roleNameRegExViolationErrorMsg"];
 
-    return context;
+    if (userModule.isAuthorized("/permission/admin/device-mgt/roles/manage")) {
+        displayData.canManage = true;
+    }
+    if (userModule.isAuthorized("/permission/admin/device-mgt/users/view")) {
+        displayData.canViewUsers = true;
+    }
+
+    return displayData;
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.hbs

@@ -51,7 +51,8 @@
                                 <div id="user-create-error-msg" class="alert alert-danger hidden" role="alert">
                                     <i class="icon fw fw-error"></i><span></span>
                                 </div>
-                            <label class="wr-input-label" title="Select the domain of the user store from the drop-down given below. The domain of the default user store is PRIMARY">
+                                <label class="wr-input-label"
+                                       title="Select the domain of the user store from the drop-down given below. The domain of the default user store is PRIMARY">
                                     User Store Domain
                                     <span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
                                 </label>
@@ -68,19 +69,25 @@
                                     <span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
                                 </label>
                                 <div id="usernameInputField" class="form-group wr-input-control">
-                                <input limit="{{charLimit}}" type="text" id="username" data-regex="{{usernameJSRegEx}}" data-errormsg="{{usernameRegExViolationErrorMsg}}" class="form-control"/>
+                                    <input limit="{{charLimit}}" type="text" id="username"
+                                           data-regex="{{usernameJSRegEx}}"
+                                           data-errormsg="{{usernameRegExViolationErrorMsg}}" class="form-control"/>
                                     <span class=" usernameError hidden glyphicon glyphicon-remove form-control-feedback"></span>
-                                <label class="error usernameEmpty hidden" for="summary">This field is required. Username should be in minimum 3 characters long and do not include any whitespaces.</label>
+                                    <label class="error usernameEmpty hidden" for="summary">This field is required.
+                                        Username should be in minimum 3 characters long and do not include any
+                                        whitespaces.</label>
                                 </div>
                                 <label class="wr-input-label">First Name *</label>
                                 <div id="firstNameField" class="form-group wr-input-control">
-                                <input type="text" id="firstname" data-regex="{{firstnameJSRegEx}}" data-errormsg="{{firstnameRegExViolationErrorMsg}}" class="form-control"/>
+                                    <input type="text" id="firstname" data-regex="{{firstnameJSRegEx}}"
+                                           data-errormsg="{{firstnameRegExViolationErrorMsg}}" class="form-control"/>
                                     <span class="glyphicon glyphicon-remove form-control-feedback hidden fnError"></span>
                                     <label class=" hidden error fnError" for="summary">This field is required.</label>
                                 </div>
                                 <label class="wr-input-label">Last Name *</label>
                                 <div id="lastNameField" class="form-group wr-input-control">
-                                <input type="text" id="lastname" data-regex="{{lastnameJSRegEx}}" data-errormsg="{{lastnameRegExViolationErrorMsg}}" class="form-control"/>
+                                    <input type="text" id="lastname" data-regex="{{lastnameJSRegEx}}"
+                                           data-errormsg="{{lastnameRegExViolationErrorMsg}}" class="form-control"/>
                                     <span class="glyphicon glyphicon-remove form-control-feedback hidden lnError"></span>
                                     <label class=" hidden error lnError" for="summary">This field is required.</label>
                                 </div>
@@ -91,13 +98,17 @@
                                 <div id="emailField" class=" form-group wr-input-control">
                                     <input type="email" id="emailAddress" class="form-control"/>
                                     <span class="glyphicon glyphicon-remove form-control-feedback hidden emailError"></span>
-                                <label class=" hidden error email-required" for="summary">This field is required.</label>
+                                    <label class=" hidden error email-required" for="summary">This field is
-                                <label class=" hidden error email-invalid" for="summary">Invalid Email Address.</label>
+                                        required.</label>
+                                    <label class=" hidden error email-invalid" for="summary">Invalid Email
+                                        Address.</label>
                                 </div>
-                            <label class="wr-input-label" title="Optional field that can have 0-to-many roles for the user">
+                                <label class="wr-input-label"
+                                       title="Optional field that can have 0-to-many roles for the user">
                                     User Roles
                                     <span class="wr-help-tip glyphicon glyphicon-question-sign"></span>
                                 </label>
+                                {{#if canViewRoles}}
                                     <div class="wr-input-control">
                                         <select id="roles" class="form-control select2" multiple="multiple">
                                             {{#each roles}}
@@ -105,6 +116,7 @@
                                             {{/each}}
                                         </select>
                                     </div>
+                                {{/if}}
                             </div>
                         </div>
                         <br>
@@ -128,7 +140,8 @@
                         <br>Please click <b>"Add Another User"</b>, if you wish to add another user or click
                         <b>"View User List"</b> to complete the process and go back to the user list.
                         <hr/>
-                    <button class="wr-btn" onclick="window.location.href='{{@app.context}}/users'">View User List</button>
+                        <button class="wr-btn" onclick="window.location.href='{{@app.context}}/users'">View User List
+                        </button>
                         <a href="{{@app.context}}/user/add" class="cu-btn-inner">
                         <span class="fw-stack">
                             <i class="fw fw-ring fw-stack-2x"></i>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/pages/cdmf.page.user.create/create.js

@@ -35,6 +35,9 @@ function onRequest() {
     if (userModule.isAuthorized("/permission/admin/device-mgt/users/manage")) {
         page.canManage = true;
     }
+    if (userModule.isAuthorized("/permission/admin/device-mgt/roles/view")) {
+        page.canViewRoles = true;
+    }
     var userStores = userModule.getSecondaryUserStores();
     page["userStores"] = userStores;
     page["charLimit"] = devicemgtProps["usernameLength"];

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.footer/footer.hbs

@@ -17,6 +17,8 @@
 }}
 {{#zone "footer"}}
     <p>
-        WSO2 Carbon Device Management Framework v.1.0.0 | &copy; 2015, <a href="http://wso2.com/" target="_blank"><i class="icon fw fw-wso2"></i> Inc</a>. (<a href="http://wso2.com/" target="_blank">http://www.wso2.org</a>) All Rights Reserved.
+        <span class="hidden-xs">WSO2 Carbon Device Management Framework v1.1.3</span>
+        <span class="visible-xs-inline">WSO2 CDMF v1.1.3</span> | &copy; <script>document.write(new Date().getFullYear());</script>,
+        <a href="http://wso2.com/" target="_blank"><i class="icon fw fw-wso2"></i> Inc</a>. All Rights Reserved.
     </p>
 {{/zone}}

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.create/create.js

@@ -26,6 +26,8 @@ function onRequest(context) {
     var types = {};
 
     types.isAuthorized = userModule.isAuthorized("/permission/admin/device-mgt/policies/manage");
+    types.isAuthorizedViewUsers = userModule.isAuthorized("/permission/admin/device-mgt/roles/view");
+    types.isAuthorizedViewRoles = userModule.isAuthorized("/permission/admin/device-mgt/users/view");
     types["types"] = [];
     var typesListResponse = deviceModule.getDeviceTypes();
     if (typesListResponse["status"] == "success") {

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.policy.edit/edit.hbs

@@ -27,7 +27,7 @@
                     </div>
                 </div>
 
-                <div class="container col-centered wr-content policy-message hidden">
+                <div class="col-centered wr-content policy-message hidden">
                     <div class="wr-form">
                         <h1 id="policy-message-page-wizard-title" class="page-sub-title">Policy is successfully
                             re-configured.</h1>
@@ -48,7 +48,7 @@
                     </div>
                 </div>
 
-                <div class="container col-centered wr-content policy-naming hidden">
+                <div class="col-centered wr-content policy-naming hidden">
                     <div class="wr-form">
                         <h1 id="policy-naming-page-wizard-title" class="page-sub-title">EDIT POLICY</h1>
                         <hr>
@@ -107,7 +107,7 @@
                     </div>
                 </div>
 
-                <div class="container col-centered wr-content policy-criteria hidden">
+                <div class="col-centered wr-content policy-criteria hidden">
                     <div class="wr-form">
                         <h1 id="policy-criteria-page-wizard-title" class="page-sub-title">EDIT POLICY</h1>
                         <hr>
@@ -204,7 +204,7 @@
                     </div>
                 </div>
 
-                <div class="container col-centered wr-content policy-profile">
+                <div class="col-centered wr-content policy-profile">
                     <div class="wr-form">
                         <h1 id="policy-profile-page-wizard-title" class="page-sub-title">EDIT POLICY</h1>
                         <hr>

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit.permission/permission.hbs

@@ -21,6 +21,9 @@
         <!-- content -->
         <div id="role-create-form" class="container col-centered wr-content">
             <div class="wr-form">
+                <div id="permission-add-error-msg" class="alert alert-danger hidden" role="alert">
+                    <i class="icon fw fw-error"></i><span></span>
+                </div>
                 <p class="page-sub-title">Change Role permissions</p>
                 <p>Please note that * sign represents required fields of data.</p>
                 <div class="wr-steps hidden" id="role_wizard_header">

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.role.edit.permission/public/js/bottomJs.js

@@ -30,6 +30,8 @@
  */
 var modalPopup = ".modal";
 var modalPopupContent = modalPopup + " .modal-content";
+var errorMsgWrapper = "#permission-add-error-msg";
+var errorMsg = "#permission-add-error-msg span";
 
 var apiBasePath = "/api/device-mgt/v1.0";
 
@@ -148,7 +150,8 @@ $(document).ready(function () {
         var perms = [];
         $("#permissionList li input:checked").each(function(){
             perms.push($(this).data("resourcepath"));
-        })
+        });
+        updateRolePermissionData.roleName = roleName;
         updateRolePermissionData.permissions = perms;
         invokerUtil.put(
             updateRolePermissionAPI,

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/units/cdmf.unit.ui.theme/public/css/custom-desktop.css

@@ -2824,9 +2824,13 @@ a.ast-type-item:hover {
    opacity: 0.5;
 }
 
-.wr-btn:hover {
+.wr-btn:hover,a.wr-btn:hover  {
+    color:#b3e7ff;
 	background-color: #16436D;
 }
+.wr-btn:active,a.wr-btn:active,.wr-btn:focus,a.wr-btn:focus {
+    color:#b3e7ff;
+}
 
 .wr-btn-grp {
     margin-top: 40px;

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/config/Permissions.java

@@ -23,7 +23,7 @@ import javax.xml.bind.annotation.XmlType;
  *           <simpleType>
  *             <restriction base="{http://www.w3.org/2001/XMLSchema}string">
  *               <enumeration value="/permission/device-mgt/user/groups/device_operation"/>
- *               <enumeration value="/permission/device-mgt/admin/groups"/>
+ *               <enumeration value="/permission/device-mgt/groups"/>
  *               <enumeration value="/permission/device-mgt/user/groups"/>
  *               <enumeration value="/permission/device-mgt/user/groups/device_monitor"/>
  *             </restriction>

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyManagementDAOFactory.java

@@ -20,13 +20,16 @@ package org.wso2.carbon.policy.mgt.core.dao;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
 import org.wso2.carbon.device.mgt.common.IllegalTransactionStateException;
+import org.wso2.carbon.device.mgt.common.UnsupportedDatabaseEngineException;
 import org.wso2.carbon.policy.mgt.core.config.datasource.DataSourceConfig;
 import org.wso2.carbon.policy.mgt.core.config.datasource.JNDILookupDefinition;
-import org.wso2.carbon.policy.mgt.core.dao.impl.FeatureDAOImpl;
 import org.wso2.carbon.policy.mgt.core.dao.impl.MonitoringDAOImpl;
 import org.wso2.carbon.policy.mgt.core.dao.impl.PolicyDAOImpl;
 import org.wso2.carbon.policy.mgt.core.dao.impl.ProfileDAOImpl;
+import org.wso2.carbon.policy.mgt.core.dao.impl.feature.GenericFeatureDAOImpl;
+import org.wso2.carbon.policy.mgt.core.dao.impl.feature.SQLServerFeatureDAOImpl;
 import org.wso2.carbon.policy.mgt.core.dao.util.PolicyManagementDAOUtil;
 
 import javax.sql.DataSource;
@@ -38,15 +41,26 @@ import java.util.List;
 public class PolicyManagementDAOFactory {
 
     private static DataSource dataSource;
+    private static String databaseEngine;
     private static final Log log = LogFactory.getLog(PolicyManagementDAOFactory.class);
     private static ThreadLocal<Connection> currentConnection = new ThreadLocal<>();
 
     public static void init(DataSourceConfig config) {
         dataSource = resolveDataSource(config);
+        try {
+            databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName();
+        } catch (SQLException e) {
+            log.error("Error occurred while retrieving config.datasource connection", e);
+        }
     }
 
     public static void init(DataSource dtSource) {
         dataSource = dtSource;
+        try {
+            databaseEngine = dataSource.getConnection().getMetaData().getDatabaseProductName();
+        } catch (SQLException e) {
+            log.error("Error occurred while retrieving config.datasource connection", e);
+        }
     }
 
     public static PolicyDAO getPolicyDAO() {
@@ -58,7 +72,20 @@ public class PolicyManagementDAOFactory {
     }
 
     public static FeatureDAO getFeatureDAO() {
-        return new FeatureDAOImpl();
+        if (databaseEngine != null) {
+            switch (databaseEngine) {
+                case DeviceManagementConstants.DataBaseTypes.DB_TYPE_MSSQL:
+                    return new SQLServerFeatureDAOImpl();
+                case DeviceManagementConstants.DataBaseTypes.DB_TYPE_ORACLE:
+                case DeviceManagementConstants.DataBaseTypes.DB_TYPE_POSTGRESQL:
+                case DeviceManagementConstants.DataBaseTypes.DB_TYPE_H2:
+                case DeviceManagementConstants.DataBaseTypes.DB_TYPE_MYSQL:
+                    return new GenericFeatureDAOImpl();
+                default:
+                    throw new UnsupportedDatabaseEngineException("Unsupported database engine : " + databaseEngine);
+            }
+        }
+        throw new IllegalStateException("Database engine has not initialized properly.");
     }
 
     public static MonitoringDAO getMonitoringDAO() {

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/feature/AbstractFeatureDAO.java

@@ -1,22 +1,22 @@
 /*
-*  Copyright (c) 2015 WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-*
+ *
-*  WSO2 Inc. licenses this file to you under the Apache License,
+ * WSO2 Inc. licenses this file to you under the Apache License,
-*  Version 2.0 (the "License"); you may not use this file except
+ * Version 2.0 (the "License"); you may not use this file except
-*  in compliance with the License.
+ * in compliance with the License.
-*  You may obtain a copy of the License at
+ * you may obtain a copy of the License at
-*
+ *
-*    http://www.apache.org/licenses/LICENSE-2.0
+ *   http://www.apache.org/licenses/LICENSE-2.0
-*
+ *
-* Unless required by applicable law or agreed to in writing,
+ * Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
+ * software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied.  See the License for the
+ * KIND, either express or implied.  See the License for the
-* specific language governing permissions and limitations
+ * specific language governing permissions and limitations
-* under the License.
+ * under the License.
-*/
+ */
 
-package org.wso2.carbon.policy.mgt.core.dao.impl;
+package org.wso2.carbon.policy.mgt.core.dao.impl.feature;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -40,9 +40,12 @@ import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
 
-public class FeatureDAOImpl implements FeatureDAO {
+/**
+ * Abstract implementation of FeatureDAO which holds generic SQL queries.
+ */
+public abstract class AbstractFeatureDAO implements FeatureDAO {
 
-    private static final Log log = LogFactory.getLog(FeatureDAOImpl.class);
+    private static final Log log = LogFactory.getLog(AbstractFeatureDAO.class);
 
     @Override
     public ProfileFeature addProfileFeature(ProfileFeature feature, int profileId) throws FeatureManagerDAOException {
@@ -55,52 +58,6 @@ public class FeatureDAOImpl implements FeatureDAO {
         return null;
     }
 
-    @Override
-    public List<ProfileFeature> addProfileFeatures(List<ProfileFeature> features, int profileId) throws
-            FeatureManagerDAOException {
-
-        Connection conn;
-        PreparedStatement stmt = null;
-        ResultSet generatedKeys = null;
-        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
-
-        try {
-            conn = this.getConnection();
-            String query = "INSERT INTO DM_PROFILE_FEATURES (PROFILE_ID, FEATURE_CODE, DEVICE_TYPE, CONTENT, " +
-                    "TENANT_ID) VALUES (?, ?, ?, ?, ?)";
-            stmt = conn.prepareStatement(query, new String[] {"id"});
-
-            for (ProfileFeature feature : features) {
-                stmt.setInt(1, profileId);
-                stmt.setString(2, feature.getFeatureCode());
-                stmt.setString(3, feature.getDeviceType());
-               // if (conn.getMetaData().getDriverName().contains("H2")) {
-                //    stmt.setBytes(4, PolicyManagerUtil.getBytes(feature.getContent()));
-               // } else {
-                    stmt.setBytes(4, PolicyManagerUtil.getBytes(feature.getContent()));
-                //}
-                stmt.setInt(5, tenantId);
-                stmt.addBatch();
-                //Not adding the logic to check the size of the stmt and execute if the size records added is over 1000
-            }
-            stmt.executeBatch();
-
-            generatedKeys = stmt.getGeneratedKeys();
-            int i = 0;
-
-            while (generatedKeys.next()) {
-                features.get(i).setId(generatedKeys.getInt(1));
-                i++;
-            }
-
-        } catch (SQLException | IOException e) {
-            throw new FeatureManagerDAOException("Error occurred while adding the feature list to the database.", e);
-        } finally {
-            PolicyManagementDAOUtil.cleanupResources(stmt, generatedKeys);
-        }
-        return features;
-    }
-
     @Override
     public List<ProfileFeature> updateProfileFeatures(List<ProfileFeature> features, int profileId) throws
                                                                                                     FeatureManagerDAOException {
@@ -381,5 +338,4 @@ public class FeatureDAOImpl implements FeatureDAO {
     private Connection getConnection() throws FeatureManagerDAOException {
         return PolicyManagementDAOFactory.getConnection();
     }
-
 }

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/feature/GenericFeatureDAOImpl.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.policy.mgt.core.dao.impl.feature;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.policy.mgt.common.ProfileFeature;
+import org.wso2.carbon.policy.mgt.core.dao.FeatureManagerDAOException;
+import org.wso2.carbon.policy.mgt.core.dao.PolicyManagementDAOFactory;
+import org.wso2.carbon.policy.mgt.core.dao.util.PolicyManagementDAOUtil;
+import org.wso2.carbon.policy.mgt.core.util.PolicyManagerUtil;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.List;
+
+/**
+ * FeatureDAO implementation for DB engines with ANSI SQL support.
+ */
+public final class GenericFeatureDAOImpl extends AbstractFeatureDAO {
+
+    private static final Log log = LogFactory.getLog(GenericFeatureDAOImpl.class);
+
+    @Override
+    public List<ProfileFeature> addProfileFeatures(List<ProfileFeature> features, int profileId) throws
+            FeatureManagerDAOException {
+
+        Connection conn;
+        PreparedStatement stmt = null;
+        ResultSet generatedKeys = null;
+        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+
+        try {
+            conn = this.getConnection();
+            String query = "INSERT INTO DM_PROFILE_FEATURES (PROFILE_ID, FEATURE_CODE, DEVICE_TYPE, CONTENT, " +
+                    "TENANT_ID) VALUES (?, ?, ?, ?, ?)";
+            stmt = conn.prepareStatement(query, new String[] {"id"});
+
+            for (ProfileFeature feature : features) {
+                stmt.setInt(1, profileId);
+                stmt.setString(2, feature.getFeatureCode());
+                stmt.setString(3, feature.getDeviceType());
+               // if (conn.getMetaData().getDriverName().contains("H2")) {
+                //    stmt.setBytes(4, PolicyManagerUtil.getBytes(feature.getContent()));
+               // } else {
+                    stmt.setBytes(4, PolicyManagerUtil.getBytes(feature.getContent()));
+                //}
+                stmt.setInt(5, tenantId);
+                stmt.addBatch();
+                //Not adding the logic to check the size of the stmt and execute if the size records added is over 1000
+            }
+            stmt.executeBatch();
+
+            generatedKeys = stmt.getGeneratedKeys();
+            int i = 0;
+
+            while (generatedKeys.next()) {
+                features.get(i).setId(generatedKeys.getInt(1));
+                i++;
+            }
+
+        } catch (SQLException | IOException e) {
+            throw new FeatureManagerDAOException("Error occurred while adding the feature list to the database.", e);
+        } finally {
+            PolicyManagementDAOUtil.cleanupResources(stmt, generatedKeys);
+        }
+        return features;
+    }
+
+    private Connection getConnection() throws FeatureManagerDAOException {
+        return PolicyManagementDAOFactory.getConnection();
+    }
+}

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/feature/SQLServerFeatureDAOImpl.java

@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * you may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.policy.mgt.core.dao.impl.feature;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.policy.mgt.common.ProfileFeature;
+import org.wso2.carbon.policy.mgt.core.dao.FeatureManagerDAOException;
+import org.wso2.carbon.policy.mgt.core.dao.PolicyManagementDAOFactory;
+import org.wso2.carbon.policy.mgt.core.dao.util.PolicyManagementDAOUtil;
+import org.wso2.carbon.policy.mgt.core.util.PolicyManagerUtil;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.List;
+
+/**
+ * FeatureDAO implementation for MSSQL DB engine.
+ */
+public final class SQLServerFeatureDAOImpl extends AbstractFeatureDAO {
+
+    private static final Log log = LogFactory.getLog(SQLServerFeatureDAOImpl.class);
+
+    @Override
+    public List<ProfileFeature> addProfileFeatures(List<ProfileFeature> features, int profileId) throws
+                                                                                                 FeatureManagerDAOException {
+
+        Connection conn;
+        PreparedStatement stmt = null;
+        ResultSet generatedKeys = null;
+        int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
+
+        try {
+            conn = this.getConnection();
+            String query = "INSERT INTO DM_PROFILE_FEATURES (PROFILE_ID, FEATURE_CODE, DEVICE_TYPE, CONTENT, " +
+                           "TENANT_ID) VALUES (?, ?, ?, ?, ?)";
+            stmt = conn.prepareStatement(query, new String[] {"id"});
+
+            for (ProfileFeature feature : features) {
+                stmt.setInt(1, profileId);
+                stmt.setString(2, feature.getFeatureCode());
+                stmt.setString(3, feature.getDeviceType());
+                // if (conn.getMetaData().getDriverName().contains("H2")) {
+                //    stmt.setBytes(4, PolicyManagerUtil.getBytes(feature.getContent()));
+                // } else {
+                stmt.setBytes(4, PolicyManagerUtil.getBytes(feature.getContent()));
+                //}
+                stmt.setInt(5, tenantId);
+                stmt.addBatch();
+                //Not adding the logic to check the size of the stmt and execute if the size records added is over 1000
+            }
+            stmt.executeBatch();
+// This logic has been commented out due to getGeneratedKeys method is not supported in MSSQL.
+//            generatedKeys = stmt.getGeneratedKeys();
+//            int i = 0;
+//
+//            while (generatedKeys.next()) {
+//                features.get(i).setId(generatedKeys.getInt(1));
+//                i++;
+//            }
+
+        } catch (SQLException | IOException e) {
+            throw new FeatureManagerDAOException("Error occurred while adding the feature list to the database.", e);
+        } finally {
+            PolicyManagementDAOUtil.cleanupResources(stmt, generatedKeys);
+        }
+        return features;
+    }
+
+    private Connection getConnection() throws FeatureManagerDAOException {
+        return PolicyManagementDAOFactory.getConnection();
+    }
+
+}